571 Open source projects that are alternatives of or similar to Tuktuk

Turn your VPS into an attack box

Pentest: Subdomains enumeration tool for penetration testers.

One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️

A fast DOM based XSS vulnerability scanner with simplicity.

Offensive Docker is an image with the more used offensive tools to create an environment easily and quickly to launch assessment to the targets.

Powerfull XSS Scanning and Parameter analysis tool&gem

A Tool for Domain Flyovers

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.

An automated approach to performing recon for bug bounty hunting and penetration testing.

Pentest/BugBounty progress control with scanning modules

This challenge is Inon Shkedy's 31 days API Security Tips.

Framework for rapid development and reusable of security tools

Yet Another PHP Shell - The most complete PHP reverse shell

Related subdomains finder

A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Automated Red Team Infrastructure deployement using Docker

Find exploits in local and online databases instantly

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Pentest/BugBounty progress control with scanning modules

Misc. Public Reports of Penetration Testing and Security Audits.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

RFD Checker - security CLI tool to test Reflected File Download issues

Penetration tests guide based on OWASP including test cases, resources and examples.

Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.

CVE-2017-9506 - SSRF

some pentest scripts & tools by [email protected]

Docker images for infosec tools

Python library and CLI for the Bug Bounty Recon API

Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.

Wavestone's web interface for password cracking with hashcat

Automated NoSQL database enumeration and web application exploitation tool.

Repositório com conteúdo sobre web hacking em português

Username enumeration and password spraying tool aimed at Microsoft O365.

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

Tools of "The Bug Hunters Methodology V2 by @jhaddix"

Poor (rich?) man's bug bounty pipeline

A curated list of bugbounty writeups (Bug type wise) , inspired from https://github.com/ngalongc/bug-bounty-reference

A wrapper for Nmap to quickly run network scans

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. Portia performs privilege escalation as well as lateral movement automatically in the network

The ultimate WinRM shell for hacking/pentesting

A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and reading material in 'BookmarkList' CherryTree. Reconscan Py2 and Py3. Custom ISO building.

A list of payload and bypass lists for penetration testing and red team infrastructure build.

Scanning APK file for URIs, endpoints & secrets.

Open source all-in-one CLI tool to semi-automate pentesting.

🎯 Server Side Template Injection Payloads

A tool to test security of json web token

Hooks in to interesting functions and helps reverse the web app faster.

🔐 Docker Container for Penetration Testing & Security

TechNowLogger is Windows/Linux Keylogger Generator which sends key-logs via email with other juicy target info

Passwords Recovery Tool

🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

A Cloudflare resolver that works

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.